In the TLS record write protocol (encrypt), the application may request extra padding in addition to the default padding, which ensures that the crypto payload is aligned to the block size. This is required to hide the size of the traffic from an observer.
Extend the usage of ``rte_crypto_op.aux_flags`` to allow users to provide extra padding in units of 8B. It is an optional feature, and any device that supports it can declare so by making use of the corresponding capability. Signed-off-by: Anoob Joseph <ano...@marvell.com> Signed-off-by: Vidya Sagar Velumuri <vvelum...@marvell.com> --- lib/cryptodev/rte_crypto.h | 14 +++++++++++++- lib/security/rte_security.h | 16 ++++++++++++++++ 2 files changed, 29 insertions(+), 1 deletion(-) diff --git a/lib/cryptodev/rte_crypto.h b/lib/cryptodev/rte_crypto.h index 9b8d0331a4..7b8f2bdc6d 100644 --- a/lib/cryptodev/rte_crypto.h +++ b/lib/cryptodev/rte_crypto.h @@ -99,8 +99,20 @@ struct rte_crypto_op { /**< operation session type */ uint8_t aux_flags; /**< Operation specific auxiliary/additional flags. - * These flags carry additional information from the + * These flags carry additional information from/to the * operation. Processing of the same is optional. + * + * The flags are defined as RTE_CRYPTO_OP_AUX_FLAGS_* and would be set by + * PMD for application consumption when the status is + * RTE_CRYPTO_OP_STATUS_SUCCESS. In case of errors, the value of this + * field is undefined. + * + * With TLS record offload (RTE_SECURITY_PROTOCOL_TLS_RECORD), + * application may provide the extra padding required for the plaintext + * provided. This field can be used for passing the same in units of 8B. The + * value would be set by application for PMD consumption. + * + * @see struct rte_security_tls_record_sess_options */ uint8_t reserved[2]; /**< Reserved bytes to fill 64 bits for diff --git a/lib/security/rte_security.h b/lib/security/rte_security.h index 54c32c1147..89e61e10ad 100644 --- a/lib/security/rte_security.h +++ b/lib/security/rte_security.h 
@@ -636,6 +636,22 @@ struct rte_security_tls_record_sess_options { * and application is not required to provide IV. */ uint32_t iv_gen_disable : 1; + /** Enable extra padding + * + * TLS allows user to pad the plain text to hide the actual size of the record. This is + * required to achieve traffic flow confidentiality in case of TLS/DTLS flows. This padding + * is in addition to the default padding performed by PMD (which ensures ciphertext is + * aligned to block size). + * + * On supported devices, application may pass the required additional padding via + * ``rte_crypto_op.aux_flags`` field. + * + * 1 : Enable extra padding of the plain text provided. The extra padding value would be + * read from ``rte_crypto_op.aux_flags``. + * + * 0 : Disable extra padding + */ + uint32_t extra_padding_enable : 1; }; /** -- 2.25.1
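Review bot: In the rte_crypto.h hunk, the new ``aux_flags`` comment makes the same 8-bit field both an output ("set by PMD for application consumption when the status is RTE_CRYPTO_OP_STATUS_SUCCESS") and an input for TLS record offload ("set by application for PMD consumption"), without saying how the two uses coexist: whether the padding value shares the bit space with the RTE_CRYPTO_OP_AUX_FLAGS_* bits, whether the PMD overwrites the application-supplied value on completion, and whether the application must re-initialise the field before every enqueue. The comment should also give the encoding explicitly (a ``uint8_t`` in units of 8B allows at most 255 * 8 = 2040 bytes of extra padding) and state what the PMD does when the requested padding cannot be applied, for example when it would push the record past the protocol's maximum record length: a defined error status on the op, or silent truncation. Suggested wording: "When extra_padding_enable is set, this field carries the number of 8-byte units of additional padding requested by the application; the PMD does not modify it on success."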
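Review bot: In the rte_security.h hunk, ``extra_padding_enable`` is documented as usable "On supported devices", and the commit message says support is advertised through a capability, but the hunk adds no field or flag to the security capability structure and the comment does not name one; either add the capability bit in the same patch or name the existing one here, and state the expected behaviour when an unsupporting PMD receives a session with this bit set (reject at session creation rather than ignore it). The comment should also say which record formats the padding applies to: in TLS 1.2 extra padding exists only for block-cipher records (the GenericBlockCipher padding field) and not for AEAD records, whereas in TLS 1.3 it is the zero padding after the content type byte of TLSInnerPlaintext, so the flag's meaning depends on the negotiated version and cipher. Finally, the "units of 8B" convention documented in rte_crypto.h is not repeated here; a one-line mention would spare readers of this struct a cross-reference.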